					BUFFER OVERFLOW VULNERABILITIES


       CPSC 620 Presentation
            12/3/2009




             Prudhviraj Karumanchi
             Vijay Venugopalan
             Vijaya Raghavan
CONTENTS
   Motivation
   Basic structure of process memory
   Buffer overflow
   Canary method
   Static analysis
       ARCHER
       BOON
       SPLINT
       Polyspace C Verifier
       UNO
   Conclusion
MOTIVATION
   Buffer overflows account for about 50% of the
    vulnerabilities reported by CERT.

   According to National Vulnerability Database
    (NVD) CVE statistics, 563 buffer overruns were
    recorded in 2008, and 431 of the 4,634
    vulnerabilities recorded in 2009 up to September
    were buffer overruns.

   Educate "future" software programmers.
BUFFER ?

           Buffer:
           A temporary space in memory
           used to hold data.

           Buffer overflow:
           Happens when the data written
           into the buffer is larger than
           the size of the buffer.

           The excess bytes overwrite
           adjacent memory locations.
SAMPLE BUFFER OVERFLOW FUNCTION

 #include <stdio.h>

 void GetInput(void)
 {
     char buffer[8];
     gets(buffer);       /* Dangerous function: gets() has no idea how big
                            buffer is and writes every byte of the line,
                            however long, past the end of it */
     puts(buffer);
 }
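The bounded form of the function above, as an added example that is not from the slides. It reads with fgets(), which takes the buffer size, always NUL-terminates, and reports how many bytes of an over-long line were thrown away instead of writing them past the buffer. The names read_line_bounded(), GetInputSafe() and constructed_input() are this example's own, and the input text is constructed for the demonstration (a 20-byte line, then a line that fits); it stands in for stdin via a temporary file so the example runs offline.

```c
#include <stdio.h>
#include <string.h>

/* Read one line into buf (capacity cap, counting the terminating NUL).
 * Never writes past cap bytes and always NUL-terminates.  Returns the
 * number of bytes of the line that did not fit and were discarded
 * (0 = whole line kept), or -1 on end of input. */
long read_line_bounded(char *buf, size_t cap, FILE *in)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fitted: drop the newline */
        return 0;
    }

    /* No newline: the line was longer than the buffer.  Drain the rest so the
     * next call starts on a fresh line instead of on the leftover bytes. */
    long discarded = 0;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        discarded++;
    return discarded;
}

/* The deck's GetInput() with the same 8-byte buffer, but bounded.  Takes the
 * stream as a parameter so it can be driven from constructed input, and
 * copies the kept line to `out` so a caller can check it. */
long GetInputSafe(FILE *in, char *out, size_t cap)
{
    char buffer[8];
    long discarded = read_line_bounded(buffer, sizeof buffer, in);
    if (discarded < 0)
        return -1;
    puts(buffer);
    snprintf(out, cap, "%s", buffer);
    return discarded;
}

/* Constructed input standing in for stdin: a 20-byte line (with its NUL,
 * gets() would have written 13 bytes past buffer[8]), then a line that fits. */
FILE *constructed_input(void)
{
    static const char text[] = "AAAAAAAAAAAAAAAAAAAA\nshort\n";
    FILE *in = tmpfile();
    if (in == NULL)
        return NULL;
    fputs(text, in);
    rewind(in);
    return in;
}

int main(void)
{
    FILE *in = constructed_input();
    if (in == NULL) { perror("tmpfile"); return 1; }
    char got[8];
    long d;
    while ((d = GetInputSafe(in, got, sizeof got)) >= 0)
        printf("  kept \"%s\", discarded %ld byte(s)\n", got, d);
    fclose(in);
    return 0;
}
```

The draining loop matters: without it, the 13 leftover bytes of the first line would be returned by the next fgets() call as if they were a new line, which is a common logic bug in fgets()-based replacements for gets().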
VIRTUAL ADDRESS SPACE
A LOOK AT THE STACK

[Figure: stack frame layout; the only label that survived extraction is "Local Variables"]
OVERWRITING THE "RETURN ADDRESS"
 #include <stdio.h>

 void notToExecute(void)
 {
     printf("This is not to be run\n");
 }

 void GetInput(void)
 {
     char buffer[8];
     gets(buffer);      /* input longer than 8 bytes runs past buffer[]
                           into the saved frame pointer and the return
                           address stored above it on the stack */
     puts(buffer);
 }

 int main(void)
 {
     GetInput();        /* an input that plants notToExecute's address in
                           the return-address slot makes GetInput "return"
                           into notToExecute instead of here */
     return 0;
 }

 The distance from buffer[] to the return address depends on the compiler's frame layout, and the default protections of current toolchains (stack protector, ASLR, non-executable stack) are there to make exactly this overwrite fail or be detected.
CANARY METHOD TO DETECT BUFFER
OVERFLOWS
   Stack canaries are used to detect a stack buffer overflow
    before the overwritten return address can be used, i.e.
    before execution of malicious code can occur.

   This method works by placing a word-sized value, chosen
    randomly at program start, in memory between the local
    buffers and the saved frame pointer / return address.
    The function epilogue compares the in-frame copy against
    the reference value and aborts the process on a mismatch.

    Most stack buffer overflows overwrite memory from lower to
    higher memory addresses, so in order to overwrite the
    return pointer (and thus take control of the process) the
    canary value must also be overwritten.

   Caveats: the check runs only when the function returns, so
    a target that is used before then (a function pointer in a
    local variable) is not protected; and an attacker who can
    read the canary value through a separate information leak
    can write it back in place and pass the check.
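A model of the two slides above (overwriting the return address, and the canary that detects it), as an added example that is not from the deck. It lays one stack frame out in an ordinary byte array, lowest address first: the 8-byte buffer, the canary, the saved frame pointer, then the return address. The offsets, the values CANARY and RET_MAIN, and the "target" address are this model's own assumptions, not any compiler's real layout; the overwrite is simulated with memcpy on the array rather than done to the real stack, so it is safe to run. The three scenarios are a bounded write, an unbounded write, and an unbounded write by an attacker who already knows the canary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model layout, lowest address first.  Offsets are this model's, not any
 * particular compiler's; only the ordering matters for the argument. */
#define BUF_SIZE     8
#define OFF_CANARY   (BUF_SIZE)          /* 8  */
#define OFF_SAVED_FP (OFF_CANARY + 8)    /* 16 */
#define OFF_RETADDR  (OFF_SAVED_FP + 8)  /* 24 */
#define FRAME_SIZE   (OFF_RETADDR + 8)   /* 32 */

struct frame {
    uint8_t  bytes[FRAME_SIZE];
    uint64_t canary;   /* reference copy, as the compiler keeps it outside the frame */
};

static const uint64_t CANARY   = 0x5a3c19e7d4b28f01ULL;  /* would be random per run */
static const uint64_t RET_MAIN = 0x401136ULL;            /* pretend return address into main() */

static uint64_t load64(const uint8_t *p) { uint64_t v; memcpy(&v, p, sizeof v); return v; }
static void     store64(uint8_t *p, uint64_t v) { memcpy(p, &v, sizeof v); }

/* Frame as the prologue leaves it: canary planted, return address saved. */
void frame_init(struct frame *f)
{
    memset(f->bytes, 0, FRAME_SIZE);
    f->canary = CANARY;
    store64(f->bytes + OFF_CANARY, CANARY);
    store64(f->bytes + OFF_RETADDR, RET_MAIN);
}

/* gets()-style write: copies every input byte, running past the buffer. */
void write_unbounded(struct frame *f, const uint8_t *in, size_t n)
{
    if (n > FRAME_SIZE) n = FRAME_SIZE;   /* only so the model stays in bounds */
    memcpy(f->bytes, in, n);
}

/* fgets()-style write: never more than BUF_SIZE bytes. */
void write_bounded(struct frame *f, const uint8_t *in, size_t n)
{
    if (n > BUF_SIZE) n = BUF_SIZE;
    memcpy(f->bytes, in, n);
}

uint64_t frame_retaddr(const struct frame *f) { return load64(f->bytes + OFF_RETADDR); }

/* The epilogue check: 1 if the in-frame canary still matches the reference. */
int frame_canary_ok(const struct frame *f) { return load64(f->bytes + OFF_CANARY) == f->canary; }

/* Attacker input of FRAME_SIZE bytes: filler up to the return-address slot,
 * then `target`.  If the attacker has learned the canary (e.g. from a
 * separate information leak) it is written back in place, so the check passes. */
void build_payload(uint8_t out[FRAME_SIZE], uint64_t target, const uint64_t *known_canary)
{
    memset(out, 'A', FRAME_SIZE);
    if (known_canary) store64(out + OFF_CANARY, *known_canary);
    store64(out + OFF_RETADDR, target);
}

static void report(const char *label, const struct frame *f)
{
    printf("%-13s canary %s, returns to %#llx\n", label,
           frame_canary_ok(f) ? "intact" : "smashed",
           (unsigned long long)frame_retaddr(f));
}

int main(void)
{
    const uint64_t target = 0x401122ULL;   /* pretend address of notToExecute() */
    struct frame f;
    uint8_t payload[FRAME_SIZE];

    build_payload(payload, target, NULL);
    frame_init(&f);
    write_bounded(&f, payload, FRAME_SIZE);
    report("bounded:", &f);               /* intact, still returns to main */

    frame_init(&f);
    write_unbounded(&f, payload, FRAME_SIZE);
    report("unbounded:", &f);             /* smashed, would return to target */

    build_payload(payload, target, &CANARY);
    frame_init(&f);
    write_unbounded(&f, payload, FRAME_SIZE);
    report("known canary:", &f);          /* intact, yet returns to target */
    return 0;
}
```

The third scenario is why a canary is a detection mechanism rather than a proof of safety: it catches the contiguous overwrite the slides describe, but not one that preserves the value in its place.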
STATIC ANALYSIS TOOLS

   Tool                   Analysis

   ARCHER                 Symbolic; interprocedural, flow-sensitive analysis
   BOON                   Integer ranges; interprocedural, flow-insensitive
                          analysis of string functions
   Polyspace C Verifier   Abstract interpretation; interprocedural, flow-sensitive
   SPLINT                 Lightweight static analysis; intraprocedural
   UNO                    Model checking; interprocedural, flow-sensitive
DETECTION AND FALSE ALARM RATES

   Rates are fractions of the evaluated test cases (1.00 = every case).

   Tool        Detection   False alarm

   PolySpace   0.87        0.50
   SPLINT      0.57        0.43
   BOON        0.05        0.05
   ARCHER      0.01        0.00
   UNO         0.00        0.00

   Note that the two tools that find the most overflows also raise the most
   false alarms, and a tool that reports almost nothing (ARCHER, UNO) has a
   false alarm rate near zero only because it also misses the real overflows.
CONCLUSION
   No software can be 100% bug free.

   Buffer overflows can be reduced by enforcing better programming
    practices from the very early stages of software engineering.
   Some of these are:
       Use of wrappers around the unsafe library calls
       Training software programmers in good programming practices:
           Length-bounded functions (the strn*() / mem*() family, given an
           explicit destination size) instead of unbounded str*() functions;
           note that strncpy() does not NUL-terminate a truncated copy
           calloc() instead of malloc(), so buffers start zero-filled
           Proper free()ing of memory, etc.
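A wrapper of the kind the conclusion recommends, as an added example that is not from the slides. safe_strcpy() copies with memcpy() bounded by the destination size, always NUL-terminates (which strncpy() does not when the source is too long) and returns the source length so the caller can tell that truncation happened; new_buffer() allocates with calloc() so the buffer starts zero-filled. All three function names are this example's own, and the strings in main() are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst (capacity cap, counting the NUL).  Always NUL-terminates
 * when cap > 0 and never writes past cap bytes.  Returns the full length of
 * src, so a return value >= cap means the copy was truncated (the same
 * convention snprintf() uses). */
size_t safe_strcpy(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (cap == 0)
        return len;
    size_t n = len < cap - 1 ? len : cap - 1;
    memcpy(dst, src, n);        /* bounded by the destination, not the source */
    dst[n] = '\0';              /* unlike strncpy(), termination is unconditional */
    return len;
}

/* Zero-filled allocation; calloc() also checks count * size for overflow. */
char *new_buffer(size_t cap)
{
    char *p = calloc(cap, 1);
    if (p == NULL) {
        perror("calloc");
        exit(EXIT_FAILURE);
    }
    return p;
}

/* Convenience form: 1 if the whole of src fitted, 0 if it was truncated. */
int copy_field(char *out, size_t cap, const char *src)
{
    return safe_strcpy(out, cap, src) < cap;
}

int main(void)
{
    /* Constructed sample input for an 8-byte field (7 characters plus NUL). */
    const char *inputs[] = { "abc", "0123456", "01234567", "much too long a name" };
    char *field = new_buffer(8);

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int fit = copy_field(field, 8, inputs[i]);
        printf("\"%s\" -> \"%s\" (%s)\n", inputs[i], field,
               fit ? "complete" : "truncated");
    }
    free(field);
    return 0;
}
```

Reporting truncation is the part most ad-hoc wrappers leave out: silently cutting a path or a username short can turn one bug (the overflow) into another (the wrong file or account being used), so the caller should get to decide whether a truncated value is acceptable.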
